chore: Upgrade UDS to v0.5.1 (#21)

chore: Upgrade zarf to v0.31.4

chore: Upgrade multiple bundle packages

feat: Build DUBBD skeleton

feat: Expose SSH in gitlab

feat: Require certs in uds-confg.yaml

feat: Configure Gitlab scheduled backups

chore: Upgrade nexus and mattermost to expose sso config

Makefile

@@ -1,8 +1,8 @@
 # The version of Zarf to use. To keep this repo as portable as possible the Zarf binary will be downloaded and added to
 # the build folder.
 # renovate: datasource=github-tags depName=defenseunicorns/zarf
-UDS_CLI_VERSION := v0.4.1
-ZARF_VERSION := v0.31.3
+UDS_CLI_VERSION := v0.5.1
+ZARF_VERSION := v0.31.4
 
 # Figure out which Zarf binary we should use based on the operating system we are on
 ZARF_BIN := zarf

README.md

@@ -15,7 +15,6 @@ This project is continually improving and being iterated on. Stay tuned to the l
 - You need [zarf](https://github.com/defenseunicorns/zarf) and [uds](https://github.com/defenseunicorns/uds-cli)
 - You need a bundle artifact. You can build it from this repository, download it or reference it directly from the [oci registry](https://github.com/defenseunicorns/uds-bundle-software-factory-nutanix/pkgs/container/uds-bundle%2Fsoftware-factory-nutanix)
 - You need a `uds-config.yaml` that is set up for your environment.
-- You need a `deploy-dubbd-values.yaml` to configure some resource increases needed for this bundle.
 
 ## The Bundle
 
@@ -31,7 +30,7 @@ Below are the example configurations used in this project to configure deploy ti
 There will be sensitive values you will need to update before deployment. You can search `replace-me` in the above `uds-config.yaml` files for quick reference sensitive values needing updated.
 
 ## Certs
-Certs for the tenant and admin gateways should be provided via `uds-config.yaml` variables: 
+Certs for the tenant and admin gateways should be provided via `uds-config.yaml` variables:
 * TENANT_CERT
 * TENANT_KEY
 * ADMIN_CERT
@@ -64,5 +63,5 @@ brew tap defenseunicorns/tap && brew install uds && brew install zarf
 ```
 2) build all the zarf packages that support this bundle
 1) build the bundle itself
-1) place the `uds-config.yaml` and the `deploy-dubbd-values.yaml` in the directory where the deployment will take place
+1) place the `uds-config.yaml` in the directory where the deployment will take place
 1) deploy the software factory.

docs/database-creation-and-configuration.md

@@ -3,104 +3,77 @@ You will need databases created and configured for use by these capabilities in
 
 ## Keycloak
 ```yaml
-bundle:
-  deploy:
-    zarf-packages:
-      keycloak-database-manifests:
-        set:
-          KEYCLOAK_DB_EXTERNAL_NAME: "keycloak-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
-      uds-idam:
-        set:
-          KEYCLOAK_DB_USERNAME: "postgres" # Our example uses this user
-          KEYCLOAK_DB_PASSWORD: "replace-me-db-passwords" # Replace
-          KEYCLOAK_DB_NAME: "keycloakdb" # Our example uses this database name
-          KEYCLOAK_DB_ENDPOINT: "keycloak-postgres.keycloak.svc.cluster.local" # Don't change this, this is an internal reference needed by keycloak
+variables:
+  keycloak-database-manifests:
+    KEYCLOAK_DB_EXTERNAL_NAME: "keycloak-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
+  uds-idam:
+    KEYCLOAK_DB_USERNAME: "postgres" # Our example uses this user
+    KEYCLOAK_DB_PASSWORD: "replace-me-db-passwords" # Replace
+    KEYCLOAK_DB_NAME: "keycloakdb" # Our example uses this database name
+    KEYCLOAK_DB_ENDPOINT: "keycloak-postgres.keycloak.svc.cluster.local" # Don't change this, this is an internal reference needed by keycloak
 ```
 
 ## Gitlab
 ```yaml
-bundle:
-  deploy:
-    zarf-packages:
-      gitlab-database-manifests:
-        set:
-          GITLAB_DB_EXTERNAL_NAME: "gitlab-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
-          GITLAB_DB_PASSWORD: "replace-me-db-passwords" # Replace
-      gitlab:
-        set:
-          GITLAB_DB_NAME: "gitlabdb" # Our example uses this database name
-          GITLAB_DB_USERNAME: "postgres" # Our example uses this user
+variables:
+  gitlab-database-manifests:
+    GITLAB_DB_EXTERNAL_NAME: "gitlab-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
+    GITLAB_DB_PASSWORD: "replace-me-db-passwords" # Replace
+  gitlab:
+    GITLAB_DB_NAME: "gitlabdb" # Our example uses this database name
+    GITLAB_DB_USERNAME: "postgres" # Our example uses this user
 ```
 
 ## Sonarqube
 ```yaml
-bundle:
-  deploy:
-    zarf-packages:
-      sonarqube-database-manifests:
-        set:
-          SONARQUBE_DB_EXTERNAL_NAME: "sonarqube-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
-          SONARQUBE_DB_PASSWORD: "replace-me-db-passwords" # Replace
-      sonarqube:
-        set:
-          SONARQUBE_DB_NAME: "sonarqubedb" # Our example uses this database name
-          SONARQUBE_DB_USERNAME: "postgres" # Our example uses this user
+variables:
+  sonarqube-database-manifests:
+    SONARQUBE_DB_EXTERNAL_NAME: "sonarqube-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
+    SONARQUBE_DB_PASSWORD: "replace-me-db-passwords" # Replace
+  sonarqube:
+    SONARQUBE_DB_NAME: "sonarqubedb" # Our example uses this database name
+    SONARQUBE_DB_USERNAME: "postgres" # Our example uses this user
 ```
 
 ## Jira
 ```yaml
-bundle:
-  deploy:
-    zarf-packages:
-      jira-database-manifests:
-        set:
-          JIRA_DB_EXTERNAL_NAME: "jira-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
-          JIRA_DB_PASSWORD: "replace-me-db-passwords" #Replace
-      jira:
-        set:
-          JIRA_DB_NAME: "jiradb" # Our example uses this database name
-          JIRA_DB_USERNAME: "postgres" # Our example uses this user
+variables:
+  jira-database-manifests:
+    JIRA_DB_EXTERNAL_NAME: "jira-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
+    JIRA_DB_PASSWORD: "replace-me-db-passwords" #Replace
+  jira:
+    JIRA_DB_NAME: "jiradb" # Our example uses this database name
+    JIRA_DB_USERNAME: "postgres" # Our example uses this user
 ```
 
 ## Confluence
 ```yaml
-bundle:
-  deploy:
-    zarf-packages:
-      confluence-database-manifests:
-        set:
-          CONFLUENCE_DB_EXTERNAL_NAME: "confluence-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
-          CONFLUENCE_DB_PASSWORD: "replace-me-db-passwords" # Replace
-      confluence:
-        set:
-          CONFLUENCE_DB_NAME: "confluencedb" # Our example uses this database name
-          CONFLUENCE_DB_USERNAME: "postgres" # Our example uses this user
+variables:
+  confluence-database-manifests:
+    CONFLUENCE_DB_EXTERNAL_NAME: "confluence-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
+    CONFLUENCE_DB_PASSWORD: "replace-me-db-passwords" # Replace
+  confluence:
+    CONFLUENCE_DB_NAME: "confluencedb" # Our example uses this database name
+    CONFLUENCE_DB_USERNAME: "postgres" # Our example uses this user
 ```
 
 ## Mattermost
 ```yaml
-bundle:
-  deploy:
-    zarf-packages:
-      mattermost-database-manifests:
-        set:
-          MATTERMOST_DB_EXTERNAL_NAME: "mattermost-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
-          MATTERMOST_DB_PASSWORD: "replace-me-db-passwords" # Replace
-          MATTERMOST_DB_USERNAME: "postgres" # Our example uses this user
-          MATTERMOST_DB_NAME: "mattermostdb" # Our example uses this database name
+variables:
+  mattermost-database-manifests:
+    MATTERMOST_DB_EXTERNAL_NAME: "mattermost-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
+    MATTERMOST_DB_PASSWORD: "replace-me-db-passwords" # Replace
+    MATTERMOST_DB_USERNAME: "postgres" # Our example uses this user
+    MATTERMOST_DB_NAME: "mattermostdb" # Our example uses this database name
 ```
 
 ## Nexus
 ```yaml
-bundle:
-  deploy:
-    zarf-packages:
-      nexus-database-manifests:
-        set:
-          NEXUS_DB_EXTERNAL_NAME: "nexus-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
-          NEXUS_DB_PASSWORD: "replace-me-db-passwords" # Replace
-      nexus:
-        set:
-          NEXUS_DB_NAME: "nexusdb" # Our example uses this database name
-          NEXUS_DB_USERNAME: "postgres" # Our example uses this user
+variables:
+  nexus-database-manifests:
+    NEXUS_DB_EXTERNAL_NAME: "nexus-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
+    NEXUS_DB_PASSWORD: "replace-me-db-passwords" # Replace
+  nexus:
+    NEXUS_DB_NAME: "nexusdb" # Our example uses this database name
+    NEXUS_DB_USERNAME: "postgres" # Our example uses this user
 ```

docs/object-store-creation-and-configuration.md

@@ -6,16 +6,13 @@ You will to create and configure the bucket you are going to use for Velero
 
 ### config
 ```yaml
-bundle:
-  deploy:
-    zarf-packages:
-      dubbd-rke2:
-        set:
-          VELERO_BUCKET_PROVIDER_URL: "http://swf.objects.mtsi.bigbang.dev" # Replace with domain entry for your object store
-          VELERO_BUCKET: "velero-bucket" # Configure the appropriate name of your bucket
-          VELERO_BUCKET_REGION: "us-east-1" # Replace with appropriate region. Nutanix expects this to be us-east-1
-          VELERO_BUCKET_KEY: "replace-me-object-store-access-key" # Replace with access key to your object store
-          VELERO_BUCKET_KEY_SECRET: "replace-me-object-store-secret-key" # Replace with secret key to your object store
+variables:
+  dubbd-rke2:
+    VELERO_BUCKET_PROVIDER_URL: "http://swf.objects.mtsi.bigbang.dev" # Replace with domain entry for your object store
+    VELERO_BUCKET: "velero-bucket" # Configure the appropriate name of your bucket
+    VELERO_BUCKET_REGION: "us-east-1" # Replace with appropriate region. Nutanix expects this to be us-east-1
+    VELERO_BUCKET_KEY: "replace-me-object-store-access-key" # Replace with access key to your object store
+    VELERO_BUCKET_KEY_SECRET: "replace-me-object-store-secret-key" # Replace with secret key to your object store
 ```
 
 ## Gitlab
@@ -38,17 +35,13 @@ You will need these buckets created in your object store. If you choose to confi
 ### config
 
 ```yaml
-bundle:
-  deploy:
-    zarf-packages:
-      gitlab-object-store:
-        set:
-          ENDPOINT: "http://swf.objects.mtsi.bigbang.dev" # Replace with domain entry for you object store
-          ACCESS_KEY: "replace-me-object-store-access-key" # Replace with access key to your object store
-          SECRET_KEY: "replace-me-object-store-secret-key" # Replace with secret key to your object store
-      gitlab:
-        set:
-          BUCKET_SUFFIX: "" # You can choose to add a suffix to the end of every bucket name if desired or needed.
+variables:
+  gitlab-object-store:
+    ENDPOINT: "http://swf.objects.mtsi.bigbang.dev" # Replace with domain entry for you object store
+    ACCESS_KEY: "replace-me-object-store-access-key" # Replace with access key to your object store
+    SECRET_KEY: "replace-me-object-store-secret-key" # Replace with secret key to your object store
+  gitlab:
+    BUCKET_SUFFIX: "" # You can choose to add a suffix to the end of every bucket name if desired or needed.
 ```
 
 ## Mattermost
@@ -60,31 +53,27 @@ You will need this bucket created in your object store. If you choose to configu
 ### config
 
 ```yaml
-bundle:
-  deploy:
-    zarf-packages:
-      mattermost-object-store:
-        set:
-          ACCESS_KEY: "replace-me-object-store-access-key" # Replace with access key to your object store
-          SECRET_KEY: "replace-me-object-store-secret-key" # Replace with secret key to your object store
-          # Replace CA_CERT with your object store cert that you need to trust
-          CA_CERT: |
-            -----BEGIN CERTIFICATE-----
-            replace-me-ca-cert-to-trust
-            -----END CERTIFICATE-----
-      mattermost:
-        set:
-          MATTERMOST_BUCKET_SUFFIX: "" # You can choose to add a suffix to the end of every bucket name if desired or needed.
-          MATTERMOST_FILE_STORE_ENDPOINT: "swf.objects.mtsi.bigbang.dev" # Replace with domain entry for you object store
-          # Volume used to mount the CA_CERT you need to trust from your object store
-          MATTERMOST_VOLUMES: |
-            - name: ca-cert
-              secret:
-                secretName: ca-secret
-                defaultMode: 0644
-          # Volume mount used to mount the CA_CERT you need to trust from your object store
-          MATTERMOST_VOLUME_MOUNTS: |
-            - name: ca-cert
-              mountPath: /etc/ssl/certs
-              readOnly: true
+variables:
+  mattermost-object-store:
+    ACCESS_KEY: "replace-me-object-store-access-key" # Replace with access key to your object store
+    SECRET_KEY: "replace-me-object-store-secret-key" # Replace with secret key to your object store
+    # Replace CA_CERT with your object store cert that you need to trust
+    CA_CERT: |
+      -----BEGIN CERTIFICATE-----
+      replace-me-ca-cert-to-trust
+      -----END CERTIFICATE-----
+  mattermost:
+    MATTERMOST_BUCKET_SUFFIX: "" # You can choose to add a suffix to the end of every bucket name if desired or needed.
+    MATTERMOST_FILE_STORE_ENDPOINT: "swf.objects.mtsi.bigbang.dev" # Replace with domain entry for you object store
+    # Volume used to mount the CA_CERT you need to trust from your object store
+    MATTERMOST_VOLUMES: |
+      - name: ca-cert
+        secret:
+          secretName: ca-secret
+          defaultMode: 0644
+    # Volume mount used to mount the CA_CERT you need to trust from your object store
+    MATTERMOST_VOLUME_MOUNTS: |
+      - name: ca-cert
+        mountPath: /etc/ssl/certs
+        readOnly: true
 ```

docs/packages-and-dependencies.md

@@ -12,8 +12,8 @@ This list covers tools which would be required on a developer machine in order t
 | [terraform](https://github.com/hashicorp/terraform) | v1.6.4 | An Infrastructure As Code (IAC) tool for managing the deployment of virtual resources (VMs, databases, object storage) within Nutanix |
 | [kubectl](https://github.com/kubernetes/kubectl) | v1.28.4 | Kubernetes management utility and CLI used by cluster admins to interact directly with a Kubernetes cluster |
 | [helm](https://github.com/helm/helm) | v3.13.2 | Kubernetes package manager CLI used to review the status of deployments in the cluster |
-| [Zarf](https://github.com/defenseunicorns/zarf) | v0.31.3 | A custom tool for packaging and delivering software components (such as gitlab) across an airgap |
-| [UDS](https://github.com/defenseunicorns/uds-cli) | v0.4.0 | A custom tool for automating and simplifying the management of multiple Zarf deployments in one environment |
+| [Zarf](https://github.com/defenseunicorns/zarf) | v0.31.4 | A custom tool for packaging and delivering software components (such as gitlab) across an airgap |
+| [UDS](https://github.com/defenseunicorns/uds-cli) | v0.5.1 | A custom tool for automating and simplifying the management of multiple Zarf deployments in one environment |
 
 ## Operating System Package Installs
 This list covers tools and packages installed in the Operating System of the virtual machines allocated to run Kubernetes. This list is obviously not exhaustive, but instead covers what is being added to the base STIG'd image.
@@ -41,20 +41,20 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc
 
 | Name | Package Version (internal) | Application Version | Description |
 |----|----|----|----|
-| [Zarf Init](https://github.com/defenseunicorns/zarf/pkgs/container/packages%2Finit) | v0.31.3 | N/A | A zarf component installed in the cluster for orchestrating further deployment of Zarf based packages |
+| [Rook Ceph Zarf Init](https://github.com/defenseunicorns/uds-capability-rook-ceph/pkgs/container/uds-capability%2Frook-ceph%2Finit) | v0.31.4-0.1.2 | N/A | A zarf component installed in the cluster for orchestrating further deployment of Zarf based packages |
 | [MetalLB](https://github.com/defenseunicorns/uds-capability-metallb/tree/v0.0.4) | 0.0.4 | v0.13.12 | Tool for providing load balancer capabilities for ingress into a Kubernetes deployment |
 | [DUBBD](https://github.com/defenseunicorns/uds-package-dubbd) | 0.15.0 | N/A | [DESCRIPTION BELOW](#Defense-Unicorns-Big-Bang-Distribution-(DUBBD)) |
 | [Keycloak](https://github.com/defenseunicorns/uds-idam) | 0.1.14 | 21.1.1 | An identity and access management (IDAM) tool used to authenticate users for access to applications |
 | [Redis](https://github.com/defenseunicorns/uds-capability-gitlab/tree/main/utils/pkg-deps/gitlab/redis) | 0.0.2 | 7.0.12 | A key-value store used as a data backend for several applications in the stack |
 | [Minio](https://github.com/defenseunicorns/uds-capability-gitlab/tree/main/utils/pkg-deps/gitlab/minio) | 0.0.2 | 5.0.13 | An S3 compliant object storage solution backed by in-cluster storage providers. Allows applications to simulate access to cloud based storage against in-cluster resources |
-| [Gitlab](https://github.com/defenseunicorns/uds-capability-gitlab/tree/main) | 0.1.8 | 16.5.0 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software |
-| [Gitlab Runner](https://github.com/defenseunicorns/uds-capability-gitlab-runner/tree/main) | 0.1.2 | v15.11.0 | A counterpart to Gitlab (above) in which automated software builds, tests and deployments are executed |
+| [Gitlab](https://github.com/defenseunicorns/uds-capability-gitlab/tree/main) | 0.1.14 | 16.5.1 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software |
+| [Gitlab Runner](https://github.com/defenseunicorns/uds-capability-gitlab-runner/tree/main) | 0.1.3 | v16.5.0 | A counterpart to Gitlab (above) in which automated software builds, tests and deployments are executed |
 | [Sonarqube](https://github.com/defenseunicorns/uds-capability-sonarqube) | 0.1.2 | 9.9.2-community | A code inspection tool used during automated pipelines to evaluate security considerations of custom software and packaged images |
 | [Jira](https://github.com/defenseunicorns/uds-capability-jira) | 0.1.3 | 9.11.2 | A collaboration tool used for team management and task organization |
 | [Confluence](https://github.com/defenseunicorns/uds-capability-confluence) | 0.1.3 | 8.6.1 | A knowledge management tool used by teams to organize information |
-| [Mattermost Operator](https://github.com/defenseunicorns/uds-capability-mattermost-operator) | 0.1.5 | 1.20.1 | A Kubernetes operator installed to manage deployment and configuration of Mattermost instances within the cluster |
-| [Mattermost](https://github.com/defenseunicorns/uds-capability-mattermost-operator) | 0.1.5 | 9.2.3 | An instance of Mattermost, a self-hosted chat and collaboration platform |
-| [Nexus](https://github.com/defenseunicorns/uds-capability-nexus) | 0.1.2 | 3.53.1-02 | An artifact repository used for storing compiled application libraries, packages, images and other such artifacts |
+| [Mattermost Operator](https://github.com/defenseunicorns/uds-capability-mattermost-operator) | 0.1.6 | 1.20.1 | A Kubernetes operator installed to manage deployment and configuration of Mattermost instances within the cluster |
+| [Mattermost](https://github.com/defenseunicorns/uds-capability-mattermost-operator) | 0.1.7 | 9.2.3 | An instance of Mattermost, a self-hosted chat and collaboration platform |
+| [Nexus](https://github.com/defenseunicorns/uds-capability-nexus) | 0.1.5 | 3.62.0-01 | An artifact repository used for storing compiled application libraries, packages, images and other such artifacts |
 
 ## Defense Unicorns Big Bang Distribution (DUBBD)
  DUBBD is an opinionated configuration of Platform One's Big Bang product. It is a collection of tools that provide administrative capabilities such as centralized logging, monitoring, alerting and runtime security to a kubernetes cluster. The following applications and tools are installed: